If I understand this correctly, this allows requests from origins on different servers.
https://github.com/Tropicode-Guam/gymjim/blob/c807e0ea9ce632c75342a00384402c6250d58957/backend/server.js#L37
This helps in development but is insecure if done in production. we should either remove it altogether and put them both on the same domain over something like nginx with virtual paths, specify a specific origin it's allowed on, and/or turn this on only for development
Chovin
commented
11 months ago
If I understand this correctly, this allows requests from origins on different servers. https://github.com/Tropicode-Guam/gymjim/blob/c807e0ea9ce632c75342a00384402c6250d58957/backend/server.js#L37 This helps in development but is insecure if done in production. we should either remove it altogether and put them both on the same domain over something like nginx with virtual paths, specify a specific origin it's allowed on, and/or turn this on only for development